[svn] GnuPG - r4968 - in trunk: agent doc g10 sm
svn author wk
cvs at cvs.gnupg.org
Wed Mar 25 17:05:17 CET 2009
Author: wk
Date: 2009-03-25 17:05:16 +0100 (Wed, 25 Mar 2009)
New Revision: 4968
Modified:
trunk/agent/ChangeLog
trunk/agent/pkdecrypt.c
trunk/doc/DETAILS
trunk/g10/ChangeLog
trunk/g10/mainproc.c
trunk/sm/ChangeLog
trunk/sm/certdump.c
trunk/sm/decrypt.c
trunk/sm/fingerprint.c
trunk/sm/gpgsm.h
trunk/sm/keylist.c
trunk/sm/verify.c
Log:
Print NO_SECKEY status line in gpgsm.
This fixes bug#1020.
Modified: trunk/agent/ChangeLog
===================================================================
--- trunk/agent/ChangeLog 2009-03-25 14:58:31 UTC (rev 4967)
+++ trunk/agent/ChangeLog 2009-03-25 16:05:16 UTC (rev 4968)
@@ -1,5 +1,8 @@
2009-03-25 Werner Koch <wk at g10code.com>
+ * pkdecrypt.c (agent_pkdecrypt): Return a specific error message
+ if the key is not available.
+
* gpg-agent.c (main): Print a started message to show the real pid.
2009-03-20 Werner Koch <wk at g10code.com>
Modified: trunk/g10/ChangeLog
===================================================================
--- trunk/g10/ChangeLog 2009-03-25 14:58:31 UTC (rev 4967)
+++ trunk/g10/ChangeLog 2009-03-25 16:05:16 UTC (rev 4968)
@@ -1,3 +1,7 @@
+2009-03-25 Werner Koch <wk at g10code.com>
+
+ * mainproc.c (print_pkenc_list): Use snprintf.
+
2009-03-17 Werner Koch <wk at g10code.com>
* call-agent.c (my_percent_plus_escape): Remove.
Modified: trunk/sm/ChangeLog
===================================================================
--- trunk/sm/ChangeLog 2009-03-25 14:58:31 UTC (rev 4967)
+++ trunk/sm/ChangeLog 2009-03-25 16:05:16 UTC (rev 4968)
@@ -1,3 +1,10 @@
+2009-03-25 Werner Koch <wk at g10code.com>
+
+ * decrypt.c (gpgsm_decrypt): Print ENC_TO and NO_SECKEY
+ stati. Fixes bug#1020.
+ * fingerprint.c (gpgsm_get_short_fingerprint): Add arg R_HIGH and
+ change all callers.
+
2009-03-23 Werner Koch <wk at g10code.com>
* delete.c (delete_one): Also delete ephemeral certificates if
Modified: trunk/agent/pkdecrypt.c
===================================================================
--- trunk/agent/pkdecrypt.c 2009-03-25 14:58:31 UTC (rev 4967)
+++ trunk/agent/pkdecrypt.c 2009-03-25 16:05:16 UTC (rev 4968)
@@ -69,7 +69,10 @@
CACHE_MODE_NORMAL, &s_skey);
if (rc)
{
- log_error ("failed to read the secret key\n");
+ if (gpg_err_code (rc) == GPG_ERR_ENOENT)
+ rc = gpg_error (GPG_ERR_NO_SECKEY);
+ else
+ log_error ("failed to read the secret key\n");
goto leave;
}
Modified: trunk/doc/DETAILS
===================================================================
--- trunk/doc/DETAILS 2009-03-25 14:58:31 UTC (rev 4967)
+++ trunk/doc/DETAILS 2009-03-25 16:05:16 UTC (rev 4968)
@@ -309,13 +309,13 @@
since epoch or an ISO 8601 string which can be detected by the
presence of the letter 'T' inside.
+ ENC_TO <long_keyid> <keytype> <keylength>
+ The message is encrypted to this LONG_KEYID. KEYTYPE is the
+ numerical value of the public key algorithm or 0 if it is not
+ known, KEYLENGTH is the length of the key or 0 if it is not
+ known (which is currently always the case). Gpg prints this
+ line always; Gpgsm only if it knows the certificate.
- ENC_TO <long keyid> <keytype> <keylength>
- The message is encrypted to this keyid.
- keytype is the numerical value of the public key algorithm,
- keylength is the length of the key or 0 if it is not known
- (which is currently always the case).
-
NODATA <what>
No data has been found. Codes for what are:
1 - No armored data.
Modified: trunk/g10/mainproc.c
===================================================================
--- trunk/g10/mainproc.c 2009-03-25 14:58:31 UTC (rev 4967)
+++ trunk/g10/mainproc.c 2009-03-25 16:05:16 UTC (rev 4968)
@@ -469,8 +469,8 @@
if( list->reason == G10ERR_NO_SECKEY ) {
if( is_status_enabled() ) {
char buf[20];
- sprintf(buf,"%08lX%08lX", (ulong)list->kid[0],
- (ulong)list->kid[1] );
+ snprintf (buf, sizeof buf, "%08lX%08lX",
+ (ulong)list->kid[0], (ulong)list->kid[1]);
write_status_text( STATUS_NO_SECKEY, buf );
}
}
Modified: trunk/sm/certdump.c
===================================================================
--- trunk/sm/certdump.c 2009-03-25 14:58:31 UTC (rev 4967)
+++ trunk/sm/certdump.c 2009-03-25 16:05:16 UTC (rev 4968)
@@ -952,7 +952,7 @@
"created %s, expires %s.\n" ),
subject? subject:"?",
sn? sn: "?",
- gpgsm_get_short_fingerprint (cert),
+ gpgsm_get_short_fingerprint (cert, NULL),
created, expires);
i18n_switchback (orig_codeset);
Modified: trunk/sm/decrypt.c
===================================================================
--- trunk/sm/decrypt.c 2009-03-25 14:58:31 UTC (rev 4967)
+++ trunk/sm/decrypt.c 2009-03-25 16:05:16 UTC (rev 4968)
@@ -362,7 +362,10 @@
ksba_sexp_t enc_val;
char *hexkeygrip = NULL;
char *desc = NULL;
+ char kidbuf[16+1];
+ *kidbuf = 0;
+
rc = ksba_cms_get_issuer_serial (cms, recp, &issuer, &serial);
if (rc == -1 && recp)
break; /* no more recipients */
@@ -394,6 +397,25 @@
log_error ("failed to get cert: %s\n", gpg_strerror (rc));
goto oops;
}
+
+ /* Print the ENC_TO status line. Note that we can
+ do so only if we have the certificate. This is
+ in contrast to gpg where the keyID is commonly
+ included in the encrypted messages. It is too
+ cumbersome to retrieve the used algorithm, thus
+ we don't print it for now. We also record the
+ keyid for later use. */
+ {
+ unsigned long kid[2];
+
+ kid[0] = gpgsm_get_short_fingerprint (cert, kid+1);
+ snprintf (kidbuf, sizeof kidbuf, "%08lX%08lX",
+ kid[1], kid[0]);
+ gpgsm_status2 (ctrl, STATUS_ENC_TO,
+ kidbuf, "0", "0", NULL);
+ }
+
+
/* Just in case there is a problem with the own
certificate we print this message - should never
happen of course */
@@ -430,6 +452,8 @@
{
log_info ("decrypting session key failed: %s\n",
gpg_strerror (rc));
+ if (gpg_err_code (rc) == GPG_ERR_NO_SECKEY && *kidbuf)
+ gpgsm_status2 (ctrl, STATUS_NO_SECKEY, kidbuf, NULL);
}
else
{ /* setup the bulk decrypter */
Modified: trunk/sm/fingerprint.c
===================================================================
--- trunk/sm/fingerprint.c 2009-03-25 14:58:31 UTC (rev 4967)
+++ trunk/sm/fingerprint.c 2009-03-25 16:05:16 UTC (rev 4968)
@@ -140,13 +140,16 @@
}
/* Return a certificate ID. These are the last 4 bytes of the SHA-1
- fingerprint. */
+ fingerprint. If R_HIGH is not NULL the next 4 bytes are stored
+ there. */
unsigned long
-gpgsm_get_short_fingerprint (ksba_cert_t cert)
+gpgsm_get_short_fingerprint (ksba_cert_t cert, unsigned long *r_high)
{
unsigned char digest[20];
gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL);
+ if (r_high)
+ *r_high = ((digest[12]<<24)|(digest[13]<<16)|(digest[14]<< 8)|digest[15]);
return ((digest[16]<<24)|(digest[17]<<16)|(digest[18]<< 8)|digest[19]);
}
Modified: trunk/sm/gpgsm.h
===================================================================
--- trunk/sm/gpgsm.h 2009-03-25 14:58:31 UTC (rev 4967)
+++ trunk/sm/gpgsm.h 2009-03-25 16:05:16 UTC (rev 4968)
@@ -229,7 +229,7 @@
/*-- server.c --*/
void gpgsm_server (certlist_t default_recplist);
gpg_error_t gpgsm_status (ctrl_t ctrl, int no, const char *text);
-gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...);
+gpg_error_t gpgsm_status2 (ctrl_t ctrl, int no, ...) GNUPG_GCC_A_SENTINEL(0);
gpg_error_t gpgsm_status_with_err_code (ctrl_t ctrl, int no, const char *text,
gpg_err_code_t ec);
gpg_error_t gpgsm_proxy_pinentry_notify (ctrl_t ctrl,
@@ -240,7 +240,8 @@
unsigned char *array, int *r_len);
char *gpgsm_get_fingerprint_string (ksba_cert_t cert, int algo);
char *gpgsm_get_fingerprint_hexstring (ksba_cert_t cert, int algo);
-unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert);
+unsigned long gpgsm_get_short_fingerprint (ksba_cert_t cert,
+ unsigned long *r_high);
unsigned char *gpgsm_get_keygrip (ksba_cert_t cert, unsigned char *array);
char *gpgsm_get_keygrip_hexstring (ksba_cert_t cert);
int gpgsm_get_key_algo_info (ksba_cert_t cert, unsigned int *nbits);
Modified: trunk/sm/keylist.c
===================================================================
--- trunk/sm/keylist.c 2009-03-25 14:58:31 UTC (rev 4967)
+++ trunk/sm/keylist.c 2009-03-25 16:05:16 UTC (rev 4968)
@@ -672,7 +672,7 @@
(void)have_secret;
es_fprintf (fp, " ID: 0x%08lX\n",
- gpgsm_get_short_fingerprint (cert));
+ gpgsm_get_short_fingerprint (cert, NULL));
sexp = ksba_cert_get_serial (cert);
es_fputs (" S/N: ", fp);
@@ -1042,7 +1042,7 @@
(void)have_secret;
es_fprintf (fp, " ID: 0x%08lX\n",
- gpgsm_get_short_fingerprint (cert));
+ gpgsm_get_short_fingerprint (cert, NULL));
sexp = ksba_cert_get_serial (cert);
es_fputs (" S/N: ", fp);
Modified: trunk/sm/verify.c
===================================================================
--- trunk/sm/verify.c 2009-03-25 14:58:31 UTC (rev 4967)
+++ trunk/sm/verify.c 2009-03-25 16:05:16 UTC (rev 4968)
@@ -450,7 +450,7 @@
else
log_printf (_("[date not given]"));
log_printf (_(" using certificate ID 0x%08lX\n"),
- gpgsm_get_short_fingerprint (cert));
+ gpgsm_get_short_fingerprint (cert, NULL));
if (msgdigest)
More information about the Gnupg-commits
mailing list